scope:

This Standard provides generic principles, requirements, and guidance as well as the framework for a management system to assist organizations in the design, implementation, monitoring, evaluation, maintenance, and replacement of PPS. All the requirements and guidance in this Standard are intended to be incorporated in ANSI/ASIS SPC.1-2009, or any type of an organization's management system based on the PDCA model. The Standard is applicable to organizations of all sizes across all sectors: private, public and not-for-profit.

A PAPMS includes the protection of both tangible and intangible assets.

This Standard is applicable to any organization that wishes to:

a) Establish, implement, maintain, and improve the PAPMS;

b) Confirm conformity with its stated PAP and management policy;

c) Commit to continual improvement through duty of care; and

d) Demonstrate conformity with this Standard by:

I. Making a self-determination and self-declaration;

II. Seeking confirmation of its conformance by parties having an interest in the organization (such as customers); or

III. Seeking confirmation of its self-declaration by an external party.

This Standard provides generic principles, requirements, and guidance intended to be incorporated into any organization-wide risk and resilience management system (see ANSI/ASIS SPC.1-2009) intended to minimize the risks of disruptive events; it is not intended to promote a uniform approach to all organizations in all sectors. The design, implementation, and evaluation of PAP plans, procedures, and practices should take into account the particular requirements of each organization: its objectives, context, customers, culture, structure, assets, operations, processes, products, and services - as well as financial and regulatory realities.